SB2021091717 - Multiple vulnerabilities in libde265



Published: September 17, 2021 Updated: May 9, 2024

Security Bulletin ID: SB2021091717
Severity: High
Patch available: YES
Number of vulnerabilities: 19
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 21%, Medium 58%, Low 21%

Description

This security bulletin contains information about 19 security vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2020-21606)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the put_epel_16_fallback() function. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


2) Heap-based buffer overflow (CVE-ID: CVE-2020-21598)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ff_hevc_put_unweighted_pred_8_sse() function. A remote attacker can pass specially crafted input to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Heap-based buffer overflow (CVE-ID: CVE-2020-21597)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mc_chroma() function. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.


4) Buffer overflow (CVE-ID: CVE-2020-21605)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the apply_sao_internal() function. A remote attacker can pass a specially crafted file to the application, trigger memory corruption and perform a denial of service (DoS) attack.

5) Heap-based buffer overflow (CVE-ID: CVE-2020-21604)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the _mm_loadl_epi64() function. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.


6) Heap-based buffer overflow (CVE-ID: CVE-2020-21603)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the put_qpel_0_0_fallback_16() function. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.


7) Heap-based buffer overflow (CVE-ID: CVE-2020-21602)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the put_weighted_bipred_16_fallback() function. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.


8) Stack-based buffer overflow (CVE-ID: CVE-2020-21601)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the put_qpel_fallback() function. A remote attacker can pass a specially crafted file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.


9) Heap-based buffer overflow (CVE-ID: CVE-2020-21600)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the put_weighted_pred_avg_16_fallback() function. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.


10) Heap-based buffer overflow (CVE-ID: CVE-2020-21599)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the de265_image::available_zscan() function. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.


11) Buffer overflow (CVE-ID: CVE-2020-21596)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the decode_CABAC_bit() function. A remote attacker can pass a specially crafted file to the application, trigger memory corruption and perform a denial of service (DoS) attack.


12) Heap-based buffer overflow (CVE-ID: CVE-2020-21595)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mc_luma() function when decoding files. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.

13) Heap-based buffer overflow (CVE-ID: CVE-2020-21594)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the put_epel_hv_fallback() function when decoding files. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.


14) Heap-based buffer overflow (CVE-ID: CVE-2022-47665)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the de265_image::set_SliceAddrRS() function. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


15) Heap-based buffer overflow (CVE-ID: CVE-2022-43244)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the put_qpel_fallback() function in fallback-motion.cc. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service attack.


16) Heap-based buffer overflow (CVE-ID: CVE-2022-43250)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the put_qpel_0_0_fallback_16() function in fallback-motion.cc. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service attack.

17) Heap-based buffer overflow (CVE-ID: CVE-2022-43249)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the put_epel_hv_fallback() function in fallback-motion.cc. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service attack.

18) Input validation error (CVE-ID: CVE-2022-43245)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the apply_sao_internal() function in sao.cc. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.


19) Buffer overflow (CVE-ID: CVE-2022-47664)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ff_hevc_put_hevc_qpel_pixels_8_sse() function. A remote attacker can pass specially crafted input to the application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install the update from the vendor's website.